Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
Page 26 of 91
CVE-2023-4057 [CRITICAL] CVSS 9.8, fixed in firefox 116.0-1 (sid), 2023
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
Scope: local
sid: resolved (fixed i
debian
CVE-2023-32216 [CRITICAL] CVSS 9.8, fixed in firefox 113.0-1 (sid), 2023
Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 1
debian
CVE-2023-34416 [CRITICAL] CVSS 9.8, fixed in firefox 114.0-1 (sid), 2023
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Scope: local
sid: resolved (f
debian
CVE-2023-4058 [CRITICAL] CVSS 9.8, fixed in firefox 116.0-1 (sid), 2023
Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-5176 [CRITICAL] CVSS 9.8, fixed in firefox 118.0-1 (sid), 2023
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Scope: local
sid: resolved (fixed i
debian
CVE-2023-5731 [CRITICAL] CVSS 9.8, fixed in firefox 119.0-1 (sid), 2023
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.
Scope: local
sid: resolved (fixed in 119.0-1)
debian
CVE-2023-25744 [HIGH] CVSS 8.8, fixed in firefox 110.0-1 (sid), 2023
Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Scope: local
sid: resolved (fixed in 110.0-1)
debian
CVE-2023-6866 [HIGH] CVSS 8.8, fixed in firefox 121.0-1 (sid), 2023
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-6207 [HIGH] CVSS 8.8, fixed in firefox 120.0-1 (sid), 2023
Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in 120.0-1)
debian
CVE-2023-6861 [HIGH] CVSS 8.8, fixed in firefox 121.0-1 (sid), 2023
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Scope: local
sid: resolved (fixed in 121.0-1)
debian
CVE-2023-3600 [HIGH] CVSS 8.8, fixed in firefox 115.0.2-1 (sid), 2023
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
Scope: local
sid: resolved (fixed in 115.0.2-1)
debian
CVE-2023-32215 [HIGH] CVSS 8.8, fixed in firefox 113.0-1 (sid), 2023
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r
debian
CVE-2023-32207 [HIGH] CVSS 8.8, fixed in firefox 113.0-1 (sid), 2023
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Scope: local
sid: resolved (fixed in 113.0-1)
debian
CVE-2023-5217 [HIGH] CVSS 8.8, KEV, fixed in chromium 117.0.5938.132-1~deb12u1 (bookworm), 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 117.0.5938.132-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.132-1~deb11u1)
forky: resolved
debian
CVE-2023-29541 [HIGH] CVSS 8.8, fixed in firefox 112.0-1 (sid), 2023
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.* This vulnerability affects Firefox < 112, Focus for Andro
debian
CVE-2023-6212 [HIGH] CVSS 8.8, fixed in firefox 120.0-1 (sid), 2023
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Scope: local
sid: resolved (fixed in
debian
CVE-2023-28176 [HIGH] CVSS 8.8, fixed in firefox 111.0-1 (sid), 2023
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Scope: local
sid: resolved (fixed in 111.0-1)
debian
CVE-2023-37211 [HIGH] CVSS 8.8, fixed in firefox 115.0-1 (sid), 2023
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Scope: local
sid: resolved (fixed
debian
CVE-2023-4050 [HIGH] CVSS 7.5, fixed in firefox 116.0-1 (sid), 2023
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian
CVE-2023-4047 [HIGH] CVSS 8.8, fixed in firefox 116.0-1 (sid), 2023
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Scope: local
sid: resolved (fixed in 116.0-1)
debian